本文档详细介绍了如何使用kubeadm在CentOS7+环境下搭建Kubernetes集群,包括安装Docker和kubeadm,部署Master和Node,安装CNI网络插件,以及测试集群功能。
Kubernetes部署
kubeadm是官方社区推出的一个用于快速部署kubernetes集群的工具。
这个工具能通过两条指令完成一个kubernetes集群的部署:
# 创建一个 Master 节点
$ kubeadm init
# 将一个 Node 节点加入到当前集群中
$ kubeadm join <Master节点的IP和端口>
1.安装要求
在开始之前,部署Kubernetes集群机器需要满足以下几个条件:
-至少3台机器,操作系统 CentOS7+
硬件配置:2GB或更多RAM,2个CPU或更多CPU,硬盘20GB或更多
集群中所有机器之间网络互通
可以访问外网,需要拉取镜像
禁止swap分区
2.操作内容
在所有节点上安装Docker和kubeadm
部署Kubernetes Master
部署容器网络插件
部署 Kubernetes Node,将节点加入Kubernetes集群中
部署Dashboard Web页面,可视化查看Kubernetes资源
3.环境
| 主机名 | IP |
|---|---|
| master | 192.168.197.134 |
| node1 | 192.168.197.135 |
| node2 | 192.168.197.136 |
关闭三台主机防火墙SELinux和swap并改名
[root@localhost ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot
连接断开
连接成功
Last login: Sat Dec 18 22:54:40 2021 from gateway
[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# bash
[root@master ~]# vi /etc/fstab
[root@master ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Dec 18 22:26:14 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=4f529f44-693b-445c-b327-01d6a2e5c8f5 /boot xfs defaults 0 0
# /dev/mapper/centos-swap swap swap defaults 0 0
[root@master ~]#
[root@localhost ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot
连接断开
连接成功
Last login: Sat Dec 18 22:56:04 2021 from gateway
[root@localhost ~]# hostnamectl set-hostname node1
[root@localhost ~]# bash
[root@node1 ~]# vi /etc/fstab
[root@node1 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Dec 18 22:26:14 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=4f529f44-693b-445c-b327-01d6a2e5c8f5 /boot xfs defaults 0 0
# /dev/mapper/centos-swap swap swap defaults 0 0
[root@localhost ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# reboot
连接断开
连接成功
Last login: Sat Dec 18 22:55:38 2021 from gateway
[root@localhost ~]# hostnamectl set-hostname node2
[root@localhost ~]# bash
[root@node2 ~]# vi /etc/fstab
[root@node2 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Dec 18 22:26:14 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=4f529f44-693b-445c-b327-01d6a2e5c8f5 /boot xfs defaults 0 0
# /dev/mapper/centos-swap swap swap defaults 0 0
在master添加hosts并将桥接IPv4流量传递倒iptables
[root@master ~]# vi /etc/hosts
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.197.134 master master.example.com
192.168.197.135 node1 node1.example.com
192.168.197.136 node2 node2.example.com
[root@master ~]# cd /etc/yum.repos.d/
[root@master yum.repos.d]# rm -rf *
[root@master yum.repos.d]# ls
[root@master yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
[root@master sysctl.d]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master sysctl.d]# cd
[root@master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
* Applying /etc/sysctl.conf ...
[root@master ~]#
时间同步
[root@master ~]# yum -y install chrony
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
正在解决依赖关系
--> 正在检查事务
---> 软件包 chrony.x86_64.0.3.2-2.el7 将被 升级
---> 软件包 chrony.x86_64.0.3.4-1.el7 将被 更新
--> 解决依赖关系完成
依赖关系解决
======================================================================================================================================
Package 架构 版本 源 大小
======================================================================================================================================
正在更新:
chrony x86_64 3.4-1.el7 base 251 k
事务概要
======================================================================================================================================
升级 1 软件包
总下载量:251 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
chrony-3.4-1.el7.x86_64.rpm | 251 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在更新 : chrony-3.4-1.el7.x86_64 1/2
清理 : chrony-3.2-2.el7.x86_64 2/2
验证中 : chrony-3.4-1.el7.x86_64 1/2
验证中 : chrony-3.2-2.el7.x86_64 2/2
更新完毕:
chrony.x86_64 0:3.4-1.el7
完毕!
[root@master ~]# systemctl enable --now chronyd
[root@master ~]#
[root@node1 ~]# yum -y install chrony
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
正在解决依赖关系
--> 正在检查事务
---> 软件包 chrony.x86_64.0.3.2-2.el7 将被 升级
---> 软件包 chrony.x86_64.0.3.4-1.el7 将被 更新
--> 解决依赖关系完成
依赖关系解决
======================================================================================================================================
Package 架构 版本 源 大小
======================================================================================================================================
正在更新:
chrony x86_64 3.4-1.el7 base 251 k
事务概要
======================================================================================================================================
升级 1 软件包
总下载量:251 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
chrony-3.4-1.el7.x86_64.rpm | 251 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在更新 : chrony-3.4-1.el7.x86_64 1/2
清理 : chrony-3.2-2.el7.x86_64 2/2
验证中 : chrony-3.4-1.el7.x86_64 1/2
验证中 : chrony-3.2-2.el7.x86_64 2/2
更新完毕:
chrony.x86_64 0:3.4-1.el7
完毕!
[root@node1 ~]# systemctl enable --now chronyd
root@node2 ~]# yum -y install chrony
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
正在解决依赖关系
--> 正在检查事务
---> 软件包 chrony.x86_64.0.3.2-2.el7 将被 升级
---> 软件包 chrony.x86_64.0.3.4-1.el7 将被 更新
--> 解决依赖关系完成
依赖关系解决
======================================================================================================================================
Package 架构 版本 源 大小
======================================================================================================================================
正在更新:
chrony x86_64 3.4-1.el7 base 251 k
事务概要
======================================================================================================================================
升级 1 软件包
总下载量:251 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
chrony-3.4-1.el7.x86_64.rpm | 251 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在更新 : chrony-3.4-1.el7.x86_64 1/2
清理 : chrony-3.2-2.el7.x86_64 2/2
验证中 : chrony-3.4-1.el7.x86_64 1/2
验证中 : chrony-3.2-2.el7.x86_64 2/2
更新完毕:
chrony.x86_64 0:3.4-1.el7
完毕!
[root@node2 ~]# systemctl enable --now chronyd
免密登录
[root@master ~]# ssh-copy-id master
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': 没有那个文件或目录
(to install the contents of '/root/.pub' anyway, look at the -f option)
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:M2I5U1/bonYtg9zkpPK6KTIF3vMgkoj+ahZyWq0snho root@master
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| . . |
| . o . . o |
|.. + o* S . = . |
|+.= +.=+ + O o |
|E=.o o +. * * . |
|o=+ o . .= . o |
|*=o. o .+o. |
+----[SHA256]-----+
[root@master ~]# ssh-copy-id master
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'master (192.168.197.134)' can't be established.
ECDSA key fingerprint is SHA256:hd0EaLL/p2JHDepS83KTv/qVEHJOo0vK5xaX7+RIsSY.
ECDSA key fingerprint is MD5:3b:4e:dd:e2:76:62:f8:0b:51:e8:c8:ac:77:cc:25:96.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': y
Please type 'yes' or 'no':
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host 'master (192.168.197.134)' can't be established.
ECDSA key fingerprint is SHA256:hd0EaLL/p2JHDepS83KTv/qVEHJOo0vK5xaX7+RIsSY.
ECDSA key fingerprint is MD5:3b:4e:dd:e2:76:62:f8:0b:51:e8:c8:ac:77:cc:25:96.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@master's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'master'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh-copy-id node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.197.135)' can't be established.
ECDSA key fingerprint is SHA256:hd0EaLL/p2JHDepS83KTv/qVEHJOo0vK5xaX7+RIsSY.
ECDSA key fingerprint is MD5:3b:4e:dd:e2:76:62:f8:0b:51:e8:c8:ac:77:cc:25:96.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'node1'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh-copy-id node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node2 (192.168.197.136)' can't be established.
ECDSA key fingerprint is SHA256:hd0EaLL/p2JHDepS83KTv/qVEHJOo0vK5xaX7+RIsSY.
ECDSA key fingerprint is MD5:3b:4e:dd:e2:76:62:f8:0b:51:e8:c8:ac:77:cc:25:96.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'node2'"
and check to make sure that only the key(s) you wanted were added.
4.所有节点安装docker/kubeadm/kubelet
[root@master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@master ~]# yum -y install docker-ce
[root@master ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@master ~]# docker --version
Docker version 20.10.12, build e91ed57
[root@master ~]#
[root@master ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://q9u587gb.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
[root@node1 ~]# yum -y install docker-ce
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
[root@node1 ~]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@node1 ~]# vim /etc/docker/daemon.json
[root@node2 ~]# yum -y install docker-ce
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
[root@node2 ~]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@node2 ~]# vim /etc/docker/daemon.json
5.添加kubernetes阿里云YUM软件源
[root@master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
[root@master ~]# cd /etc/yum.repos.d/
[root@master yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo kubernetes.repo
[root@master yum.repos.d]#
[root@node1 ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
[root@node1 ~]# cd /etc/yum.repos.d/
[root@node1 yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo kubernetes.repo
[root@node1 yum.repos.d]#
[root@node2 ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
[root@node2 ~]# cd /etc/yum.repos.d/
[root@node2 yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo kubernetes.repo
[root@node2 yum.repos.d]#
6.安装kubeadm,kubelet和kubectl
[root@node2 ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
kubernetes | 1.4 kB 00:00:00
kubernetes/primary | 102 kB 00:00:01
kubernetes 751/751
正在解决依赖关系
--> 正在检查事务
---> 软件包 kubeadm.x86_64.0.1.20.0-0 将被 安装
--> 正在处理依赖关系 kubernetes-cni >= 0.8.6,它被软件包 kubeadm-1.20.0-0.x86_64 需要
--> 正在处理依赖关系 cri-tools >= 1.13.0,它被软件包 kubeadm-1.20.0-0.x86_64 需要
---> 软件包 kubectl.x86_64.0.1.20.0-0 将被 安装
---> 软件包 kubelet.x86_64.0.1.20.0-0 将被 安装
--> 正在处理依赖关系 socat,它被软件包 kubelet-1.20.0-0.x86_64 需要
--> 正在处理依赖关系 conntrack,它被软件包 kubelet-1.20.0-0.x86_64 需要
--> 正在检查事务
---> 软件包 conntrack-tools.x86_64.0.1.4.4-7.el7 将被 安装
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_queue.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
---> 软件包 cri-tools.x86_64.0.1.19.0-0 将被 安装
---> 软件包 kubernetes-cni.x86_64.0.0.8.7-0 将被 安装
---> 软件包 socat.x86_64.0.1.7.3.2-2.el7 将被 安装
--> 正在检查事务
---> 软件包 libnetfilter_cthelper.x86_64.0.1.0.0-11.el7 将被 安装
---> 软件包 libnetfilter_cttimeout.x86_64.0.1.0.0-7.el7 将被 安装
---> 软件包 libnetfilter_queue.x86_64.0.1.0.2-2.el7_2 将被 安装
--> 解决依赖关系完成
依赖关系解决
======================================================================================================================================
Package 架构 版本 源 大小
======================================================================================================================================
正在安装:
kubeadm x86_64 1.20.0-0 kubernetes 8.3 M
kubectl x86_64 1.20.0-0 kubernetes 8.5 M
kubelet x86_64 1.20.0-0 kubernetes 20 M
为依赖而安装:
conntrack-tools x86_64 1.4.4-7.el7 base 187 k
cri-tools x86_64 1.19.0-0 kubernetes 5.7 M
kubernetes-cni x86_64 0.8.7-0 kubernetes 19 M
libnetfilter_cthelper x86_64 1.0.0-11.el7 base 18 k
libnetfilter_cttimeout x86_64 1.0.0-7.el7 base 18 k
libnetfilter_queue x86_64 1.0.2-2.el7_2 base 23 k
socat x86_64 1.7.3.2-2.el7 base 290 k
事务概要
======================================================================================================================================
安装 3 软件包 (+7 依赖软件包)
总下载量:62 M
安装大小:265 M
Downloading packages:
(1/10): conntrack-tools-1.4.4-7.el7.x86_64.rpm | 187 kB 00:00:00
(2/10): 91e0f0a3a10ab757acf9611e8b81e1b272d76a5c400544a254d2c34a6ede1c11-kubeadm-1.20.0-0.x86_64.rpm | 8.3 MB 00:00:32
(3/10): 67ffa375b03cea72703fe446ff00963919e8fce913fbc4bb86f06d1475a6bdf9-cri-tools-1.19.0-0.x86_64.rpm | 5.7 MB 00:00:34
(4/10): 1281489661f7627c8b175b789d300fe3c703c8dd1f618dcdfeac1354131b376d-kubectl-1.20.0-0.x86_64.rpm | 8.5 MB 00:00:35
(5/10): libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm | 18 kB 00:00:00
(6/10): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm | 23 kB 00:00:00
(7/10): libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm | 18 kB 00:00:01
(8/10): socat-1.7.3.2-2.el7.x86_64.rpm | 290 kB 00:00:02
(9/10): 268447fe89ce41034f21c7a6c73290bd2e1920f856ec413285a5054260625822-kubelet-1.20.0-0.x86_64.rpm | 20 MB 00:01:10
(10/10): db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm | 19 MB 00:00:46
--------------------------------------------------------------------------------------------------------------------------------------
总计 551 kB/s | 62 MB 00:01:54
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : socat-1.7.3.2-2.el7.x86_64 1/10
正在安装 : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 2/10
正在安装 : libnetfilter_queue-1.0.2-2.el7_2.x86_64 3/10
正在安装 : libnetfilter_cthelper-1.0.0-11.el7.x86_64 4/10
正在安装 : conntrack-tools-1.4.4-7.el7.x86_64 5/10
正在安装 : kubernetes-cni-0.8.7-0.x86_64 6/10
正在安装 : kubelet-1.20.0-0.x86_64 7/10
正在安装 : kubectl-1.20.0-0.x86_64 8/10
正在安装 : cri-tools-1.19.0-0.x86_64 9/10
正在安装 : kubeadm-1.20.0-0.x86_64 10/10
验证中 : cri-tools-1.19.0-0.x86_64 1/10
验证中 : kubectl-1.20.0-0.x86_64 2/10
验证中 : libnetfilter_cthelper-1.0.0-11.el7.x86_64 3/10
验证中 : conntrack-tools-1.4.4-7.el7.x86_64 4/10
验证中 : kubernetes-cni-0.8.7-0.x86_64 5/10
验证中 : libnetfilter_queue-1.0.2-2.el7_2.x86_64 6/10
验证中 : kubelet-1.20.0-0.x86_64 7/10
验证中 : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 8/10
验证中 : socat-1.7.3.2-2.el7.x86_64 9/10
验证中 : kubeadm-1.20.0-0.x86_64 10/10
已安装:
kubeadm.x86_64 0:1.20.0-0 kubectl.x86_64 0:1.20.0-0 kubelet.x86_64 0:1.20.0-0
作为依赖被安装:
conntrack-tools.x86_64 0:1.4.4-7.el7 cri-tools.x86_64 0:1.19.0-0 kubernetes-cni.x86_64 0:0.8.7-0
libnetfilter_cthelper.x86_64 0:1.0.0-11.el7 libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7 libnetfilter_queue.x86_64 0:1.0.2-2.el7_2
socat.x86_64 0:1.7.3.2-2.el7
完毕!
[root@node2 ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@node2 ~]#
[root@node1 ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
kubernetes | 1.4 kB 00:00:00
kubernetes/primary | 102 kB 00:00:00
kubernetes 751/751
正在解决依赖关系
--> 正在检查事务
---> 软件包 kubeadm.x86_64.0.1.20.0-0 将被 安装
--> 正在处理依赖关系 kubernetes-cni >= 0.8.6,它被软件包 kubeadm-1.20.0-0.x86_64 需要
--> 正在处理依赖关系 cri-tools >= 1.13.0,它被软件包 kubeadm-1.20.0-0.x86_64 需要
---> 软件包 kubectl.x86_64.0.1.20.0-0 将被 安装
---> 软件包 kubelet.x86_64.0.1.20.0-0 将被 安装
--> 正在处理依赖关系 socat,它被软件包 kubelet-1.20.0-0.x86_64 需要
--> 正在处理依赖关系 conntrack,它被软件包 kubelet-1.20.0-0.x86_64 需要
--> 正在检查事务
---> 软件包 conntrack-tools.x86_64.0.1.4.4-7.el7 将被 安装
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_queue.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
---> 软件包 cri-tools.x86_64.0.1.19.0-0 将被 安装
---> 软件包 kubernetes-cni.x86_64.0.0.8.7-0 将被 安装
---> 软件包 socat.x86_64.0.1.7.3.2-2.el7 将被 安装
--> 正在检查事务
---> 软件包 libnetfilter_cthelper.x86_64.0.1.0.0-11.el7 将被 安装
---> 软件包 libnetfilter_cttimeout.x86_64.0.1.0.0-7.el7 将被 安装
---> 软件包 libnetfilter_queue.x86_64.0.1.0.2-2.el7_2 将被 安装
--> 解决依赖关系完成
依赖关系解决
======================================================================================================================================
Package 架构 版本 源 大小
======================================================================================================================================
正在安装:
kubeadm x86_64 1.20.0-0 kubernetes 8.3 M
kubectl x86_64 1.20.0-0 kubernetes 8.5 M
kubelet x86_64 1.20.0-0 kubernetes 20 M
为依赖而安装:
conntrack-tools x86_64 1.4.4-7.el7 base 187 k
cri-tools x86_64 1.19.0-0 kubernetes 5.7 M
kubernetes-cni x86_64 0.8.7-0 kubernetes 19 M
libnetfilter_cthelper x86_64 1.0.0-11.el7 base 18 k
libnetfilter_cttimeout x86_64 1.0.0-7.el7 base 18 k
libnetfilter_queue x86_64 1.0.2-2.el7_2 base 23 k
socat x86_64 1.7.3.2-2.el7 base 290 k
事务概要
======================================================================================================================================
安装 3 软件包 (+7 依赖软件包)
总下载量:62 M
安装大小:265 M
Downloading packages:
(1/10): conntrack-tools-1.4.4-7.el7.x86_64.rpm | 187 kB 00:00:00
(2/10): 67ffa375b03cea72703fe446ff00963919e8fce913fbc4bb86f06d1475a6bdf9-cri-tools-1.19.0-0.x86_64.rpm | 5.7 MB 00:00:25
(3/10): 91e0f0a3a10ab757acf9611e8b81e1b272d76a5c400544a254d2c34a6ede1c11-kubeadm-1.20.0-0.x86_64.rpm | 8.3 MB 00:00:35
(4/10): 1281489661f7627c8b175b789d300fe3c703c8dd1f618dcdfeac1354131b376d-kubectl-1.20.0-0.x86_64.rpm | 8.5 MB 00:00:39
(5/10): libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm | 18 kB 00:00:00
(6/10): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm | 23 kB 00:00:00
(7/10): libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm | 18 kB 00:00:01
(8/10): socat-1.7.3.2-2.el7.x86_64.rpm | 290 kB 00:00:01
(9/10): 268447fe89ce41034f21c7a6c73290bd2e1920f856ec413285a5054260625822-kubelet-1.20.0-0.x86_64.rpm | 20 MB 00:01:13
(10/10): db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm | 19 MB 00:00:57
--------------------------------------------------------------------------------------------------------------------------------------
总计 519 kB/s | 62 MB 00:02:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : socat-1.7.3.2-2.el7.x86_64 1/10
正在安装 : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 2/10
正在安装 : libnetfilter_queue-1.0.2-2.el7_2.x86_64 3/10
正在安装 : libnetfilter_cthelper-1.0.0-11.el7.x86_64 4/10
正在安装 : conntrack-tools-1.4.4-7.el7.x86_64 5/10
正在安装 : kubernetes-cni-0.8.7-0.x86_64 6/10
正在安装 : kubelet-1.20.0-0.x86_64 7/10
正在安装 : kubectl-1.20.0-0.x86_64 8/10
正在安装 : cri-tools-1.19.0-0.x86_64 9/10
正在安装 : kubeadm-1.20.0-0.x86_64 10/10
验证中 : cri-tools-1.19.0-0.x86_64 1/10
验证中 : kubectl-1.20.0-0.x86_64 2/10
验证中 : libnetfilter_cthelper-1.0.0-11.el7.x86_64 3/10
验证中 : conntrack-tools-1.4.4-7.el7.x86_64 4/10
验证中 : kubernetes-cni-0.8.7-0.x86_64 5/10
验证中 : libnetfilter_queue-1.0.2-2.el7_2.x86_64 6/10
验证中 : kubelet-1.20.0-0.x86_64 7/10
验证中 : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 8/10
验证中 : socat-1.7.3.2-2.el7.x86_64 9/10
验证中 : kubeadm-1.20.0-0.x86_64 10/10
已安装:
kubeadm.x86_64 0:1.20.0-0 kubectl.x86_64 0:1.20.0-0 kubelet.x86_64 0:1.20.0-0
作为依赖被安装:
conntrack-tools.x86_64 0:1.4.4-7.el7 cri-tools.x86_64 0:1.19.0-0 kubernetes-cni.x86_64 0:0.8.7-0
libnetfilter_cthelper.x86_64 0:1.0.0-11.el7 libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7 libnetfilter_queue.x86_64 0:1.0.2-2.el7_2
socat.x86_64 0:1.7.3.2-2.el7
完毕!
[root@node1 ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@master ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
kubernetes | 1.4 kB 00:00:00
kubernetes/primary | 102 kB 00:00:00
kubernetes 751/751
正在解决依赖关系
--> 正在检查事务
---> 软件包 kubeadm.x86_64.0.1.20.0-0 将被 安装
--> 正在处理依赖关系 kubernetes-cni >= 0.8.6,它被软件包 kubeadm-1.20.0-0.x86_64 需要
--> 正在处理依赖关系 cri-tools >= 1.13.0,它被软件包 kubeadm-1.20.0-0.x86_64 需要
---> 软件包 kubectl.x86_64.0.1.20.0-0 将被 安装
---> 软件包 kubelet.x86_64.0.1.20.0-0 将被 安装
--> 正在处理依赖关系 socat,它被软件包 kubelet-1.20.0-0.x86_64 需要
--> 正在处理依赖关系 conntrack,它被软件包 kubelet-1.20.0-0.x86_64 需要
--> 正在检查事务
---> 软件包 conntrack-tools.x86_64.0.1.4.4-7.el7 将被 安装
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_queue.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0()(64bit),它被软件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
---> 软件包 cri-tools.x86_64.0.1.19.0-0 将被 安装
---> 软件包 kubernetes-cni.x86_64.0.0.8.7-0 将被 安装
---> 软件包 socat.x86_64.0.1.7.3.2-2.el7 将被 安装
--> 正在检查事务
---> 软件包 libnetfilter_cthelper.x86_64.0.1.0.0-11.el7 将被 安装
---> 软件包 libnetfilter_cttimeout.x86_64.0.1.0.0-7.el7 将被 安装
---> 软件包 libnetfilter_queue.x86_64.0.1.0.2-2.el7_2 将被 安装
--> 解决依赖关系完成
依赖关系解决
======================================================================================================================================
Package 架构 版本 源 大小
======================================================================================================================================
正在安装:
kubeadm x86_64 1.20.0-0 kubernetes 8.3 M
kubectl x86_64 1.20.0-0 kubernetes 8.5 M
kubelet x86_64 1.20.0-0 kubernetes 20 M
为依赖而安装:
conntrack-tools x86_64 1.4.4-7.el7 base 187 k
cri-tools x86_64 1.19.0-0 kubernetes 5.7 M
kubernetes-cni x86_64 0.8.7-0 kubernetes 19 M
libnetfilter_cthelper x86_64 1.0.0-11.el7 base 18 k
libnetfilter_cttimeout x86_64 1.0.0-7.el7 base 18 k
libnetfilter_queue x86_64 1.0.2-2.el7_2 base 23 k
socat x86_64 1.7.3.2-2.el7 base 290 k
事务概要
======================================================================================================================================
安装 3 软件包 (+7 依赖软件包)
总下载量:62 M
安装大小:265 M
Downloading packages:
(1/10): conntrack-tools-1.4.4-7.el7.x86_64.rpm | 187 kB 00:00:00
(2/10): 67ffa375b03cea72703fe446ff00963919e8fce913fbc4bb86f06d1475a6bdf9-cri-tools-1.19.0-0.x86_64.rpm | 5.7 MB 00:00:06
(3/10): 91e0f0a3a10ab757acf9611e8b81e1b272d76a5c400544a254d2c34a6ede1c11-kubeadm-1.20.0-0.x86_64.rpm | 8.3 MB 00:00:15
(4/10): 1281489661f7627c8b175b789d300fe3c703c8dd1f618dcdfeac1354131b376d-kubectl-1.20.0-0.x86_64.rpm | 8.5 MB 00:00:14
(5/10): libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm | 18 kB 00:00:00
(6/10): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm | 23 kB 00:00:00
(7/10): libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm | 18 kB 00:00:00
(8/10): socat-1.7.3.2-2.el7.x86_64.rpm | 290 kB 00:00:02
(9/10): 268447fe89ce41034f21c7a6c73290bd2e1920f856ec413285a5054260625822-kubelet-1.20.0-0.x86_64.rpm | 20 MB 00:01:22
(10/10): db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm | 19 MB 00:01:17
--------------------------------------------------------------------------------------------------------------------------------------
总计 644 kB/s | 62 MB 00:01:38
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : socat-1.7.3.2-2.el7.x86_64 1/10
正在安装 : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 2/10
正在安装 : libnetfilter_queue-1.0.2-2.el7_2.x86_64 3/10
正在安装 : libnetfilter_cthelper-1.0.0-11.el7.x86_64 4/10
正在安装 : conntrack-tools-1.4.4-7.el7.x86_64 5/10
正在安装 : kubernetes-cni-0.8.7-0.x86_64 6/10
正在安装 : kubelet-1.20.0-0.x86_64 7/10
正在安装 : kubectl-1.20.0-0.x86_64 8/10
正在安装 : cri-tools-1.19.0-0.x86_64 9/10
正在安装 : kubeadm-1.20.0-0.x86_64 10/10
验证中 : cri-tools-1.19.0-0.x86_64 1/10
验证中 : kubectl-1.20.0-0.x86_64 2/10
验证中 : libnetfilter_cthelper-1.0.0-11.el7.x86_64 3/10
验证中 : conntrack-tools-1.4.4-7.el7.x86_64 4/10
验证中 : kubernetes-cni-0.8.7-0.x86_64 5/10
验证中 : libnetfilter_queue-1.0.2-2.el7_2.x86_64 6/10
验证中 : kubelet-1.20.0-0.x86_64 7/10
验证中 : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 8/10
验证中 : socat-1.7.3.2-2.el7.x86_64 9/10
验证中 : kubeadm-1.20.0-0.x86_64 10/10
已安装:
kubeadm.x86_64 0:1.20.0-0 kubectl.x86_64 0:1.20.0-0 kubelet.x86_64 0:1.20.0-0
作为依赖被安装:
conntrack-tools.x86_64 0:1.4.4-7.el7 cri-tools.x86_64 0:1.19.0-0 kubernetes-cni.x86_64 0:0.8.7-0
libnetfilter_cthelper.x86_64 0:1.0.0-11.el7 libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7 libnetfilter_queue.x86_64 0:1.0.2-2.el7_2
socat.x86_64 0:1.7.3.2-2.el7
完毕!
[root@master ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
7.部署Kubernetes Master
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-proxy v1.20.0 10cc881966cf 12 months ago 118MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.20.0 3138b6e3d471 12 months ago 46.4MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.20.0 ca9843d3b545 12 months ago 122MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.20.0 b9fa1895dcaa 12 months ago 116MB
registry.aliyuncs.com/google_containers/etcd 3.4.13-0 0369cf4303ff 15 months ago 253MB
registry.aliyuncs.com/google_containers/coredns 1.7.0 bfe3a36ebd25 18 months ago 45.2MB
registry.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 22 months ago 683kB
[root@master ~]# echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' > /etc/profile.d/k8s.sh
[root@master ~]# source /etc/profile.d/k8s.sh
[root@master ~]# echo $KUBECONFIG
/etc/kubernetes/admin.conf
8.安装Pod网络插件(CNI)
[root@master ~]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
9.加入Kubernetes Node
[root@node1 ~]# kubeadm join 192.168.197.134:6443 --token 922m7c.b1ywwrqqpxtwz9jr \
> --discovery-token-ca-cert-hash sha256:4cd5ef74ef5b2a9e29f573bf9a6ae369690137e4638494425f64e1073d92a65e
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[WARNING Hostname]: hostname "node1.example.com" could not be reached
[WARNING Hostname]: hostname "node1.example.com": lookup node1.example.com on 192.168.197.2:53: no such host
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
[root@node1 ~]# echo "1">/proc/sys/net/bridge/bridge-nf-call-iptables
[root@node1 ~]# kubeadm join 192.168.197.134:6443 --token 922m7c.b1ywwrqqpxtwz9jr --discovery-token-ca-cert-hash sha256:4cd5ef74ef5b2a9e29f573bf9a6ae369690137e4638494425f64e1073d92a65e
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[WARNING Hostname]: hostname "node1.example.com" could not be reached
[WARNING Hostname]: hostname "node1.example.com": lookup node1.example.com on 192.168.197.2:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@node2 ~]# kubeadm join 192.168.197.134:6443 --token 922m7c.b1ywwrqqpxtwz9jr \
> --discovery-token-ca-cert-hash sha256:4cd5ef74ef5b2a9e29f573bf9a6ae369690137e4638494425f64e1073d92a65e
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[WARNING Hostname]: hostname "node2.example.com" could not be reached
[WARNING Hostname]: hostname "node2.example.com": lookup node2.example.com on 192.168.197.2:53: no such host
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
#这里出现了报错我们根据提示跑到这个文件下把他改为1
[root@node2 ~]# cd /proc/sys/net/bridge/
[root@node2 bridge]# ls
bridge-nf-call-arptables bridge-nf-call-iptables bridge-nf-filter-vlan-tagged
bridge-nf-call-ip6tables bridge-nf-filter-pppoe-tagged bridge-nf-pass-vlan-input-dev
[root@node2 bridge]# vi bridge-nf-call-iptables
[root@node2 bridge]# chmod +rw bridge-nf-call-iptables
chmod: 更改"bridge-nf-call-iptables" 的权限: 不允许的操作
[root@node2 bridge]# echo "1">/proc/sys/net/bridge/bridge-nf-call-iptables
[root@node2 bridge]# kubeadm join 192.168.197.134:6443 --token 922m7c.b1ywwrqqpxtwz9jr --discovery-token-ca-cert-hash sha256:4cd5ef74ef5b2a9e29f573bf9a6ae369690137e4638494425f64e1073d92a65e
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[WARNING Hostname]: hostname "node2.example.com" could not be reached
[WARNING Hostname]: hostname "node2.example.com": lookup node2.example.com on 192.168.197.2:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 31m v1.20.0
node1.example.com NotReady <none> 2m12s v1.20.0
node2.example.com Ready <none> 2m35s v1.20.0
10.测试kubernetes集群
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 31m v1.20.0
node1.example.com NotReady <none> 2m12s v1.20.0
node2.example.com Ready <none> 2m35s v1.20.0
[root@master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@master ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-zq8ng 0/1 ContainerCreating 0 18s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 33m
service/nginx NodePort 10.103.101.206 <none> 80:31918/TCP 6s
[root@master ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:33280 *:*
LISTEN 0 128 127.0.0.1:10248 *:*
LISTEN 0 128 127.0.0.1:10249 *:*
LISTEN 0 128 192.168.197.134:2379 *:*
LISTEN 0 128 127.0.0.1:2379 *:*
LISTEN 0 128 192.168.197.134:2380 *:*
LISTEN 0 128 127.0.0.1:2381 *:*
LISTEN 0 128 *:31918 *:*
LISTEN 0 128 127.0.0.1:10257 *:*
LISTEN 0 128 127.0.0.1:10259 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::10250 :::*
LISTEN 0 128 :::6443 :::*
LISTEN 0 128 :::10256 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 34m
nginx NodePort 10.103.101.206 <none> 80:31918/TCP 41s
[root@master ~]# curl 10.103.101.206
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~]#
5085
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
